Building resilience: what are the top five operational risks for financial services firms?

A new StrategicRISK global survey commissioned by Riskonnect finds that cyber risk and post-pandemic trauma to operations and people are the top ongoing threats

he coronavirus crisis has forced businesses of all shapes and sizes to reflect and rethink how to improve and update processes for the digital age. At the heart of this reevaluation is operational resilience: a topic that has become increasingly prominent in recent years – particularly within the financial services sector – according to a StrategicRISK global survey commissioned by Riskonnect and published in June.

“Growing regulatory pressures, a continued shift towards intangible assets, digitisation and the Covid-19 pandemic are just some of the reasons why [operational resilience has grown in importance for business leaders],” states the report.

The research paper, ‘Eyes wide open’, explains how operational resilience is built and offers organisations tips on how to be ready for anything. Further, it argues that while there has been a shift in thinking about resilience more broadly since the pandemic began, the more significant catalyst was the global financial crash of 2008.

“In part, it is a reaction to the feeling that government, business and society were all taken by surprise by something they should have seen coming in their rear-view mirror,” it says. Analysis by Howden indicates that nearly 70% of total business value for the world’s largest 50 corporations now emanates from intangibles, equating to roughly $11tn.

“From a supervisory perspective, surviving and thriving in the face of a major shock requires a holistic framework, with top management setting the tone from the top,” the report continues. “Operational resilience is the start of a journey, they argue. It is not a destination.”

Risk professionals need to continue to demonstrate the benefits of having risk at the front of the decision process

Jim Wetekamp, chief executive of Riskonnect, suggests that while boardrooms discuss this subject, taking action is more important. “The most well-used term at the moment is operational resilience in risk management,” he says. “You can go to any organisation that touches risk right now, and they are talking about operational resilience, which is great. But it is a merging of worlds that are enterprise risk, operational risk and continuity together.

“Now, that doesn’t necessarily mean that you should think of operational resilience as a superset of all that functionality. It’s this idea that I need to describe my critical business services, understand my tolerance for interruption and define risk impact analysis and response plan. And I need to be prepared for different scenarios of activating that. That is very much an operational resilience topic.”

This concept was built on the foundations of traditional business continuity management strategies, he says. But, “the reason it’s called operational resilience is that it starts from the other end. It’s about the outcome and the quantification of critical business services and the impact financially if different risks cause them to fail.”

The report lists the top five operational risks for business leaders, based on survey responses. By far the top-ranked answer, with 88%, is cyber risk and data security. Given how cybercriminals are taking advantage of the security challenges posed by the new environment, this is not a surprise. “A more dispersed workforce has allowed malicious actors to evolve their social engineering and brute force hacking techniques to find new, more targeted methods to compromise network systems and defraud organisations,” the report posits.

Second on the operational risk register for 2021 is staff wellbeing and people risk, selected by 74% of respondents. And the third most concerning operational risk, with 52%, is organisational change.

In light of these risks, Riskonnect’s CEO says there needs to be internal change management. “Risk professionals need to continue to demonstrate the benefits of having risk at the front of the decision process,” he adds. “They need to explain why this supports the move from monitoring to continuous improvement, from watching to orchestrating – that’s how risk will work collaboratively across the organisation.”

To find out more about operational risk download the ‘Eyes wide open’ report

Sponsored by